
部署ftp 文件共享服务

时间:2017-04-27 19:39:37


第九单元

部署ftp 文件共享服务

1 安装ftp

yum install  vsftpd   -y

systemctl  start  vsftpd

systemctl  stop firewalld      ##仅适用于实验环境;需要保留防火墙时,按下文用 firewall-cmd 放行 ftp 服务

systemctl  enable  vsftpd

lftp ip         ##ip 为服务器地址;能登录并列出目录内容,表示安装成功

如果不想关闭防火墙,就用 firewall-cmd 把 ftp 服务加入防火墙的允许列表(可用 firewall-cmd --list-all 查看当前规则)

过程如下:

[root@localhost Desktop]# getenforce

Disabled

[root@localhost Desktop]# systemctl start firewalld

[root@localhost Desktop]# systemctl enable firewalld

[root@localhost Desktop]# firewall-cmd --list-all

public (default, active)

  interfaces: eth0

  sources:

  services: dhcpv6-client ssh

  ports:

  masquerade: no

  forward-ports:

  icmp-blocks:

  rich rules:


[root@localhost Desktop]# firewall-cmd --permanent --add-service=ftp

success

[root@localhost Desktop]# firewall-cmd --reload

success

2.vsftpd文件信息

/var/ftp     ##默认发布目录

/etc/vsftpd  ##配置目录

3.vsftpd服务的配置参数

1)匿名用户设定

anonymous_enable=YES|NO      ##是否允许匿名用户登录

 

#<匿名用户上传>

vim /etc/vsftpd/vsftpd.conf

write_enable=YES

anon_upload_enable=YES

chgrp ftp /var/ftp/pub      ###不把目录属组改为ftp并加上组写权限的话,上传时会出现553错误##

chmod 775 /var/ftp/pub

过程如下:

[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf

[root@localhost Desktop]# systemctl restart vsftpd.service

[root@localhost Desktop]# ll -d /var/ftp/pub/

drwxr-xr-x 2 root root 6 Mar  7  2014 /var/ftp/pub/

[root@localhost Desktop]# id ftp

uid=14(ftp) gid=50(ftp) groups=50(ftp)

[root@localhost Desktop]# chgrp ftp /var/ftp/pub/

[root@localhost Desktop]# chmod 775 /var/ftp/pub/

[root@localhost Desktop]# ll -d /var/ftp/pub/

drwxrwxr-x 2 root ftp 6 Mar  7  2014 /var/ftp/pub/

[root@localhost Desktop]# lftp 172.25.254.212

lftp 172.25.254.212:~> ls

drwxrwxr-x    2 0        50              6 Mar 07  2014 pub

lftp 172.25.254.212:/> cd pub/

lftp 172.25.254.212:/pub> ls

lftp 172.25.254.212:/pub> put /etc/passwd

2048 bytes transferred

lftp 172.25.254.212:/pub> ls

-rw-------    1 14       50           2048 Apr 23 03:00 passwd    ###14,50分别指ftp用户的uid和gid###

 

#<匿名用户家目录修改>

anon_root=/directory


过程如下:

[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf

[root@localhost Desktop]# systemctl restart vsftpd.service

[root@localhost Desktop]# mkdir /westos

[root@localhost Desktop]# touch /westos/file{1..3}

[root@localhost Desktop]# lftp 172.25.254.150

lftp 172.25.254.150:~> ls

-rw-r--r--    1 0        0               0 Apr 26 12:30 file1

-rw-r--r--    1 0        0               0 Apr 26 12:30 file2

-rw-r--r--    1 0        0               0 Apr 26 12:30 file3

lftp 172.25.254.150:/>

 

#<匿名用户上传文件默认权限修改>

anon_umask=xxx


过程如下:

[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf

[root@localhost Desktop]# systemctl restart vsftpd.service

[root@localhost Desktop]# id westos

uid=1001(westos) gid=1001(westos) groups=1001(westos)

[root@localhost Desktop]# lftp 172.25.254.150

lftp 172.25.254.150:~> ls

drwxrwxr-x    2 0        50             19 Apr 26 12:26 pub

lftp 172.25.254.150:/> cd pub/

lftp 172.25.254.150:/pub> ls

-rw-------    1 14       50           2005 Apr 26 12:26 passwd

lftp 172.25.254.150:/pub> put /etc/group

865 bytes transferred

lftp 172.25.254.150:/pub> ls

-rw-r--r--    1 14       50            865 Apr 26 12:46 group

-rw-------    1 14       50           2005 Apr 26 12:26 passwd

lftp 172.25.254.150:/pub>

 

 

 

#<匿名用户建立目录>

anon_mkdir_write_enable=YES|NO


过程如下:

[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf

[root@localhost Desktop]# systemctl restart vsftpd.service

[root@localhost Desktop]# lftp 172.25.254.212

lftp 172.25.254.212:~> ls

drwxrwxr-x    2 0        50             19 Apr 23 03:00 pub

lftp 172.25.254.212:/> cd pub/

lftp 172.25.254.212:/pub> ls

-rw-------    1 14       50           2048 Apr 23 03:00 passwd

lftp 172.25.254.212:/pub> mkdir test

mkdir ok, `test' created

lftp 172.25.254.212:/pub> ls

-rw-------    1 14       50           2048 Apr 23 03:00 passwd

drwx------    2 14       50              6 Apr 23 03:13 test

lftp 172.25.254.212:/pub>

 

#<匿名用户删除>

anon_other_write_enable=YES|NO


过程如下:

[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf

[root@localhost Desktop]# systemctl restart vsftpd.service

[root@localhost Desktop]# lftp 172.25.254.212

lftp 172.25.254.212:~> ls

drwxrwxr-x    3 0        50             30 Apr 23 03:13 pub

lftp 172.25.254.212:/> cd pub/

lftp 172.25.254.212:/pub> ls

-rw-------    1 14       50           2048 Apr 23 03:00 passwd

drwx------    2 14       50              6 Apr 23 03:13 test

lftp 172.25.254.212:/pub> rm passwd

rm ok, `passwd' removed

lftp 172.25.254.212:/pub> ls

drwx------    2 14       50              6 Apr 23 03:13 test

lftp 172.25.254.212:/pub> rm -r test/

rm ok, `test/' removed

lftp 172.25.254.212:/pub> ls

lftp 172.25.254.212:/pub>

 

 

#<匿名用户下载>

anon_world_readable_only=YES|NO ##设为NO时,匿名用户可以下载非全局可读(other无读权限)的文件;设为YES时只能下载全局可读的文件

 

 

[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf

[root@localhost Desktop]# systemctl restart vsftpd.service

[root@localhost Desktop]# lftp 172.25.254.212

lftp 172.25.254.212:~> ls

drwxrwxr-x    2 0        50              6 Apr 23 03:26 pub

lftp 172.25.254.212:/> cd pub/

lftp 172.25.254.212:/pub> ls

lftp 172.25.254.212:/pub> put /etc/passwd

2048 bytes transferred

lftp 172.25.254.212:/pub> ls

-rw-------    1 14       50           2048 Apr 23 03:30 passwd

lftp 172.25.254.212:/pub> get /etc/passwd

get: Access failed: 550 Failed to open file. (/etc/passwd)

lftp 172.25.254.212:/pub> ls

-rw-------    1 14       50           2048 Apr 23 03:30 passwd

lftp 172.25.254.212:/pub> get passwd

2048 bytes transferred

lftp 172.25.254.212:/pub>

 

#<匿名用户上传文件的所有者修改(chown_uploads 把匿名上传文件的属主改为 chown_username 指定的用户)>

chown_uploads=YES

chown_username=student

 

过程如下:

[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf

[root@localhost Desktop]# systemctl restart vsftpd.service

[root@localhost Desktop]# lftp 172.25.254.150

lftp 172.25.254.150:~> ls

drwxrwxr-x    2 0        50             31 Apr 26 12:46 pub

lftp 172.25.254.150:/> cd pub/

lftp 172.25.254.150:/pub> ls

-rw-r--r--    1 14       50            865 Apr 26 12:46 group

-rw-------    1 14       50           2005 Apr 26 12:26 passwd

lftp 172.25.254.150:/pub> put /etc/inittab

491 bytes transferred      

lftp 172.25.254.150:/pub> ls

-rw-r--r--    1 14       50            865 Apr 26 12:46 group

-rw-------    1 14       50            491 Apr 26 12:57 inittab

-rw-------    1 14       50           2005 Apr 26 12:26 passwd

lftp 172.25.254.150:/pub> put /etc/inittab

put: Access failed: 553 Could not create file. (inittab)

lftp 172.25.254.150:/pub>

 

 

 

#<匿名用户最大传输速率(单位:字节/秒)>

anon_max_rate=102400


 

#<最大连接数(同时连接的客户端数量上限)>

max_clients=2

 

2)本地用户设定

local_enable=YES|NO      ##是否允许本地用户登录

write_enable=YES|NO      ##是否允许写操作(上传、删除等)


过程如下:

[root@localhost Desktop]# touch /home/westos/file{1..2}

[root@localhost Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp westos@172.25.254.150:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file1

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

lftp westos@172.25.254.150:~> rm -fr file1

rm ok, `file1' removed

lftp westos@172.25.254.150:~> ls

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

lftp westos@172.25.254.150:~> quit

[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf

[root@localhost Desktop]# systemctl restart vsftpd.service

[root@localhost Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp westos@172.25.254.150:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

lftp westos@172.25.254.150:~> rm -fr file2

lftp westos@172.25.254.150:~> ls

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

lftp westos@172.25.254.150:~>

 

 

#<本地用户家目录修改>

local_root=/directory


过程如下:

[root@localhost Desktop]# mkdir /harry

[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf

[root@localhost Desktop]# systemctl restart vsftpd.service

[root@localhost Desktop]# touch /harry/harryfile1

[root@localhost Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp westos@172.25.254.150:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:25 harryfile1

lftp westos@172.25.254.150:~> quit

[root@localhost Desktop]# lftp 172.25.254.150 -u redhat

Password:

lftp redhat@172.25.254.150:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:25 harryfile1

lftp redhat@172.25.254.150:~>

 

#<本地用户上传文件权限>

local_umask=xxx


过程如下:

[root@localhost Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp westos@172.25.254.150:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

lftp westos@172.25.254.150:~> put /etc/passwd

2132 bytes transferred

lftp westos@172.25.254.150:~> ls

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp westos@172.25.254.150:~> quit

[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf

[root@localhost Desktop]# systemctl restart vsftpd.service

[root@localhost Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp westos@172.25.254.150:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp westos@172.25.254.150:~> put /etc/group

894 bytes transferred

lftp westos@172.25.254.150:~> ls

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-------    1 1001     1001          894 Apr 26 13:36 group

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp westos@172.25.254.150:~>

 

#<限制本地用户浏览/目录>

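所有本地用户被锁定到自己的家目录中;vsftpd 拒绝把用户 chroot 到其本人可写的目录(否则登录时报 500 OOPS: refusing to run with writable root inside chroot()),因此还要去掉家目录的属主写权限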

chroot_local_user=YES


chmod u-w /home/*

过程如下:

限制前:

[root@localhost Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp westos@172.25.254.150:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-------    1 1001     1001          894 Apr 26 13:36 group

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp westos@172.25.254.150:~> cd /

cd ok, cwd=/

lftp westos@172.25.254.150:/> ls

lrwxrwxrwx    1 0        0               7 May 07  2014 bin -> usr/bin

dr-xr-xr-x    4 0        0            4096 Jul 10  2014 boot

drwxr-xr-x   18 0        0            2820 Apr 26 12:15 dev

drwxr-xr-x  134 0        0            8192 Apr 26 13:27 etc

drwxr-xr-x    2 0        0              23 Apr 26 13:25 harry

drwxr-xr-x    6 0        0              58 Apr 26 13:16 home

lrwxrwxrwx    1 0        0               7 May 07  2014 lib -> usr/lib

lrwxrwxrwx    1 0        0               9 May 07  2014 lib64 -> usr/lib64

drwxr-xr-x    2 0        0               6 Mar 13  2014 media

drwxr-xr-x    2 0        0              20 Apr 26 13:01 mnt

drwxr-xr-x    3 0        0              15 Jul 10  2014 opt

dr-xr-xr-x  158 0        0               0 Apr 26 12:14 proc

dr-xr-x---   14 0        0            4096 Apr 26 13:44 root

drwxr-xr-x   35 0        0            1140 Apr 26 12:16 run

lrwxrwxrwx    1 0        0               8 May 07  2014 sbin -> usr/sbin

drwxr-xr-x    2 0        0               6 Mar 13  2014 srv

dr-xr-xr-x   13 0        0               0 Apr 26 12:14 sys

drwxrwxrwt   12 0        0            4096 Apr 26 13:44 tmp

drwxr-xr-x   13 0        0            4096 May 07  2014 usr

drwxr-xr-x   23 0        0            4096 Apr 26 12:14 var

drwxr-xr-x    2 0        0              42 Apr 26 12:30 westos

lftp westos@172.25.254.150:/>

限制后:

[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf

[root@localhost Desktop]# systemctl restart vsftpd.service

[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf

[root@localhost Desktop]# chmod u-w /home/*

[root@localhost Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp westos@172.25.254.150:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-------    1 1001     1001          894 Apr 26 13:36 group

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp westos@172.25.254.150:/> cd /

lftp westos@172.25.254.150:/> ls

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-------    1 1001     1001          894 Apr 26 13:36 group

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp westos@172.25.254.150:/> quit

[root@localhost Desktop]#

 

用户黑名单建立(chroot_local_user=NO 时,chroot_list 文件中列出的用户被锁定在家目录,其他用户不受限制)

chroot_local_user=NO

chroot_list_enable=YES

chroot_list_file=/etc/vsftpd/chroot_list


 

过程如下:

[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf

[root@localhost Desktop]# systemctl restart vsftpd.service

[root@localhost Desktop]# vim /etc/vsftpd/chroot_list

[root@localhost Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp westos@172.25.254.150:~> ls       

ls: Login failed: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()

lftp westos@172.25.254.150:~> quit

[root@localhost Desktop]# lftp 172.25.254.150 -u redhat

Password:

lftp redhat@172.25.254.150:~> ls       

lftp redhat@172.25.254.150:~>

 

用户白名单建立(chroot_local_user=YES 时,chroot_list 文件中列出的用户不被锁定,其他用户被锁定在家目录)

chroot_local_user=YES

chroot_list_enable=YES

chroot_list_file=/etc/vsftpd/chroot_list


过程如下:

[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf

[root@localhost Desktop]# systemctl restart vsftpd.service

[root@localhost Desktop]# vim /etc/vsftpd/chroot_list

[root@localhost Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp westos@172.25.254.150:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-------    1 1001     1001          894 Apr 26 13:36 group

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp westos@172.25.254.150:~> quit

[root@localhost Desktop]# lftp 172.25.254.150 -u redhat

Password:

lftp redhat@172.25.254.150:~> ls       

ls: Login failed: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()

lftp redhat@172.25.254.150:~>

 

#<限制本地用户登陆>

vim /etc/vsftpd/ftpusers      ##用户永久黑名单,列在其中的用户始终不能登录


过程如下:

[root@localhost Desktop]# vim /etc/vsftpd/ftpusers

[root@localhost Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp westos@172.25.254.150:~> ls       

ls: Login failed: 530 Login incorrect.          

lftp westos@172.25.254.150:~> quit

 

 

vim /etc/vsftpd/user_list      ##用户临时黑名单,可通过配置变成白名单


临时黑名单过程如下:

[root@localhost Desktop]# vim /etc/vsftpd/user_list

[root@localhost Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp westos@172.25.254.150:~> ls       

ls: Login failed: 530 Permission denied.          

lftp westos@172.25.254.150:~> quit

变成白名单(在 vsftpd.conf 中设置 userlist_deny=NO,此时只有 user_list 中列出的用户可以登录):


[root@localhost Desktop]# vim /etc/vsftpd/vsftpd.conf

[root@localhost Desktop]# systemctl restart vsftpd.service

[root@localhost Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp westos@172.25.254.150:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-------    1 1001     1001          894 Apr 26 13:36 group

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp westos@172.25.254.150:~>

 

#<ftp虚拟用户的设定>

 

创建虚拟帐号身份)

vim   /etc/vsftpd/loginusers      ##文件名称任意;奇数行为用户名,偶数行为该用户的密码(明文保存,应限制为仅root可读,如 chmod 600)

ftpuser1

123

ftpuser2

123

ftpuser3

123


db_load  -T  -t hash  -f /etc/vsftpd/loginusers loginusers.db      ##在 /etc/vsftpd 目录下执行,使生成的 loginusers.db 与 pam 配置中 db= 指定的路径一致

 

vim /etc/pam.d/ckvsftpd##文件名称任意

account    required    pam_userdb.so    db=/etc/vsftpd/loginusers

auth       required    pam_userdb.so    db=/etc/vsftpd/loginusers


vim /etc/vsftpd/vsftpd.conf

pam_service_name=ckvsftpd

guest_enable=YES


过程如下:

[root@localhost vsftpd]# pwd

/etc/vsftpd

[root@localhost vsftpd]# vim ftpuserfile

[root@localhost vsftpd]# db_load -T -t hash -f ftpuserfile

usage: db_load [-nTV] [-c name=value] [-f file]

[-h home] [-P password] [-t btree | hash | recno | queue] db_file

usage: db_load -r lsn | fileid [-h home] [-P password] db_file

[root@localhost vsftpd]# db_load -T -t hash -f ftpuserfile ftpuserfile.db

[root@localhost vsftpd]# cd /etc/pam.d/

[root@localhost pam.d]# vim ftpuser

[root@localhost pam.d]# vim /etc/vsftpd/vsftpd.conf

[root@localhost pam.d]# systemctl restart vsftpd.service

[root@localhost pam.d]# lftp 172.25.254.212 -u westos

Password:

lftp westos@172.25.254.212:~> ls       

ls: Login failed: 530 Login incorrect.          

lftp westos@172.25.254.212:~> quit

[root@localhost pam.d]# lftp 172.25.254.212 -u user1

Password:

lftp user1@172.25.254.212:~> ls         

lftp user1@172.25.254.212:/> quit

[root@localhost pam.d]# lftp 172.25.254.212 -u user2

Password:

lftp user2@172.25.254.212:~> ls        

lftp user2@172.25.254.212:/> quit

[root@localhost pam.d]# lftp 172.25.254.212 -u user3

Password:

lftp user3@172.25.254.212:~> ls        

lftp user3@172.25.254.212:/> quit

[root@localhost pam.d]#

 

虚拟帐号身份指定)

guest_username=ftpuser

chmod u-w /home/ftpuser

 

 

虚拟帐号家目录独立设定)

vim /etc/vsftpd/vsftpd.conf

local_root=/ftpuserhome/$USER

user_sub_token=$USER

 

mkdir /ftpuserhome

chgrp ftpuser /ftpuserhome

chmod g+s /ftpuserhome

mkdir /ftpuserhome/ftpuser{1..3}

 

过程如下:

[root@localhost ~]# mkdir /ftpdir/user{1..3} -p

[root@localhost ~]# mkdir /ftpdir/user{1..3}/upload

[root@localhost ~]# touch /ftpdir/user1/userfile1

[root@localhost ~]# touch /ftpdir/user2/userfile2

[root@localhost ~]# touch /ftpdir/user3/userfile3

[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf

[root@localhost ~]# systemctl restart vsftpd.service

[root@localhost ~]# lftp 172.25.254.212 -u user3

Password:

lftp user3@172.25.254.212:~> ls        

drwxr-xr-x    2 0        0               6 Apr 23 07:31 upload

-rw-r--r--    1 0        0               0 Apr 23 07:32 userfile3

lftp user3@172.25.254.212:/> quit

[root@localhost ~]# lftp 172.25.254.212 -u user2

Password:

lftp user2@172.25.254.212:~> ls        

drwxr-xr-x    2 0        0               6 Apr 23 07:31 upload

-rw-r--r--    1 0        0               0 Apr 23 07:32 userfile2

lftp user2@172.25.254.212:/> lftp 172.25.254.212 -u user1

Password:

lftp user1@172.25.254.212:~> ls

drwxr-xr-x    2 0        0               6 Apr 23 07:31 upload

-rw-r--r--    1 0        0               0 Apr 23 07:32 userfile1

lftp user1@172.25.254.212:/>

 



原文地址:http://12774272.blog.51cto.com/12764272/1919998
